b2f9307e0a
vprint # of RPC programs, since the table comes right after
2014-11-18 12:17:10 -08:00
a9f9a8b116
Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner
2014-11-18 12:17:10 -08:00
c7794a7ed9
Clean up Ruby style in sunrpc_portmapper
2014-11-18 12:17:09 -08:00
059d84e4ca
More consistent *print_* and Rex::Ui::Text::Table for sunrpc_portmapper
2014-11-18 12:17:09 -08:00
703e0486fb
Add DLSw leak capture module for CVE-2014-7992
2014-11-17 20:35:54 -07:00
45d219c0d8
Land #4102 , @jhart-r7's fix for nbns_response
...
* Use request src_port instead of 137
2014-11-17 15:46:38 -06:00
8c34f35ca9
added mssql_enum_windows_domain_accounts.rb
2014-11-17 13:03:43 -06:00
fd53e969fd
Land #4217 , browser_autopwn variable fix
2014-11-17 11:46:52 -06:00
405eae4b6e
Remove EOL whitespace
2014-11-17 11:46:36 -06:00
2c36f79934
Land #4165 , @jhart-r7's check for datastore options on Cisco dtp
...
* Fix modules/auxiliary/spoof/cisco/dtp
* Just one of the two options is required
2014-11-17 11:23:31 -06:00
fc1635e80a
Fix BAP JS ref error.
2014-11-17 10:06:15 -06:00
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
a521d469ed
Land #4194 , Quake protocol support
2014-11-15 17:44:19 -06:00
57aef9a6f5
Land #4177 , @hmoore-r7's fix for #4169
2014-11-13 18:29:57 -08:00
e2dc862121
Fix newly introduced typo.
2014-11-13 14:53:57 -06:00
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
f081ede2aa
Land #4155 , @pedrib's module for CVE-2014-8499
...
* Password Manager Pro privesc + password disclosure
2014-11-12 23:56:26 -06:00
ebf6fe4e56
Minor style cleanup
2014-11-12 16:44:43 -08:00
07a1653e57
Add gather module for Quake servers
2014-11-12 13:32:56 -08:00
9df31e950f
Add OSVDB id
2014-11-12 21:32:33 +00:00
54158c8662
Land #4005 , TNS poison checker
2014-11-12 13:29:59 -06:00
d242bc220b
Minor fixups and disclosure date for TNS module
2014-11-12 13:25:10 -06:00
955a5142ca
Edit e-mail address for antispam
2014-11-12 13:19:04 -06:00
70589668c2
Really land the #4130 module
2014-11-12 09:39:01 -06:00
ece8013d7a
Use #empty?
2014-11-12 09:35:06 -06:00
f048463ed6
Do minor fixupts
...
* Delete peer method
* Make verifications more strict
2014-11-12 09:33:49 -06:00
a5c87db65e
Do minor cleanup
...
* Beautify description
* Use double quotes for interpolation
2014-11-12 09:29:53 -06:00
e1164d3e14
Use snake_case on filename
2014-11-12 09:26:47 -06:00
7e05f88399
Reapply PR #4113 (removed via #4175 )
2014-11-11 15:06:43 -06:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
017a44c0ae
Revert errored merge of deea30d
...
Revert "Merge branch 'master' of https://github.com/farias-r7/metasploit-framework into upstream-master"
This reverts commit deea30ddb414514d7b8b
2014-11-11 14:38:47 -06:00
9238d80a24
Use correct source port for NBNS spoofer
...
137 is only correct for systems that use this as their source port.
Systems running Samba, for example, don't use this. So use the port
taken from the original request, not 137 or 1337
2014-11-11 10:33:27 -08:00
96ba6da697
Add the UDP scanner template, lands #4113 .
...
There is some additional work to do regarding CHOST/CPORT, but this is not tied to the udp template changes.
2014-11-11 11:59:30 -06:00
01fda27264
Fix title
2014-11-11 11:15:53 -06:00
a588bfd31a
Use single quotes
2014-11-11 09:56:46 -06:00
77c8dc2b64
Dont return nil from 'run'
2014-11-11 09:39:08 -06:00
fb309aae11
Use a Fixnum as FuzzInt default value
2014-11-11 09:36:53 -06:00
f6762b41b6
Use random fake db name
2014-11-11 09:35:51 -06:00
94c353222d
Do small cosmetic changes
2014-11-11 09:31:57 -06:00
e9e5869951
update from master
2014-11-11 09:24:33 -06:00
c0285067c9
Add new module to test TNS poison
...
msf auxiliary(tnspoison_checker) > show options
Module options (auxiliary/scanner/oracle/tnspoison_checker1):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.2.100, 172.16.2.24, 172.16.2.101 yes The target address range or CIDR identifier
RPORT 1521 yes The target port
THREADS 1 yes The number of concurrent threads
msf auxiliary(tnspoison_checker) > exploit
[+] 172.16.2.100:1521 is vulnerable
[*] Scanned 1 of 3 hosts (033% complete)
[-] 172.16.2.24:1521 is not vulnerable
[*] Scanned 2 of 3 hosts (066% complete)
[-] 172.16.2.101:1521 unable to connect to the server
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
2014-11-11 17:29:27 +03:00
091da05a86
update from master
2014-11-10 22:59:44 -06:00
cac6494427
Use snake_case in filename
2014-11-10 16:58:46 -06:00
2c33642de8
Do minor cleanup
2014-11-10 16:57:57 -06:00
12ae8b3ec6
update from master
2014-11-10 16:19:26 -06:00
493b81d874
cleanup
2014-11-10 15:22:21 -06:00
31fa57fcb2
mssql_enum_sql_logins
2014-11-10 15:19:55 -06:00
d543b16cc1
Added mssql_enum_sql_logins.rb
2014-11-10 15:02:46 -06:00
ea226f7482
Update mssql_enum_sql_logins.rb
2014-11-10 15:02:14 -06:00
74344e9295
added mssql_enum_sql_logins
2014-11-10 13:42:52 -06:00
4b701700c1
Fix banner
2014-11-10 12:40:53 -06:00
7ed11ffd52
Check for INTERFACE or SMAC in dtp setup
2014-11-10 10:14:47 -08:00
65dbb1a83f
Do print_status
2014-11-10 11:26:53 -06:00
7aed1e9581
Create loot_passwords method
2014-11-10 11:21:44 -06:00
92df11baa7
Create report_super_admin_creds method
2014-11-10 11:16:25 -06:00
8f17011909
do run clean up
...
* Reduce code complexity
* Don't report not valid administrator credentials
2014-11-10 11:12:04 -06:00
635df2f233
Fail with NoAccess
2014-11-10 09:50:26 -06:00
9c033492d2
Fix indentation
2014-11-10 09:48:22 -06:00
2236518694
Check res.body before accessing #to_s
2014-11-10 09:47:05 -06:00
8b8ab61e3d
Favor && over and
2014-11-10 09:45:12 -06:00
ee4924582a
Use target_uri
2014-11-10 09:43:44 -06:00
8ddd6a4655
Redefine RPORT having into account it is builtin
2014-11-10 09:42:30 -06:00
eb36a36272
Change title
2014-11-10 09:40:22 -06:00
b3c27452cd
Add full disclosure URL
2014-11-09 10:40:41 +00:00
5bf8901822
Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue
2014-11-09 02:43:36 -05:00
f680b666c7
Add github adv URL
2014-11-08 11:29:36 +00:00
143033f657
Rename manageengine_pmp_sadmin.rb to manageengine_pmp_privesc.rb
2014-11-08 11:28:04 +00:00
2843437ca9
Create exploit for CVE-2014-8499
2014-11-08 11:24:50 +00:00
e7b448537f
Add OSVDB ids
2014-11-08 11:05:34 +00:00
9d6e0664a4
Guess service name and port
2014-11-07 20:56:01 -06:00
a44640c9fc
Use single quotes
2014-11-07 20:48:04 -06:00
7c1c08fc19
Use single quotes without interpolation
2014-11-07 20:46:47 -06:00
0373156cce
Use unless over if not
2014-11-07 20:42:08 -06:00
f5a920da99
Use || operator
2014-11-07 20:41:44 -06:00
64754a5609
Delete unnecessary begin..end block
2014-11-07 20:38:36 -06:00
0919f74a3d
Delete unused variable
2014-11-07 20:37:57 -06:00
22b875d0f3
Reduce code complexity
2014-11-07 20:37:40 -06:00
b1517e6ace
Delete unnecessary nil comparision
2014-11-07 20:34:13 -06:00
aa1fec7f02
Use fail_with
2014-11-07 20:33:33 -06:00
d630eac272
Reduce code complexity
2014-11-07 20:32:15 -06:00
cea30b5427
Use built-in format for RPORT
2014-11-07 20:30:32 -06:00
e99cc00a57
No more than 100 columns on description
2014-11-07 20:29:38 -06:00
c00a3ac9cd
Add full disclosure URL
2014-11-07 08:06:21 +00:00
8a0249cdbf
Address Juan's points
2014-11-06 21:02:28 +00:00
e71ba1ad4a
Push exploit for CVE-2014-6038/39
2014-11-05 20:12:03 +00:00
cca30b536f
Land #4094 , fixes for OWA brute forcer
...
Fixes #4083
Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
ff8d481eec
Update description to remove comments about defaults. Default to 2013
2014-11-04 21:21:19 -08:00
d91ffa893b
Viproy is removed from names
...
Author sections are fixed
2014-11-05 15:44:32 +11:00
2c028ca7a6
Move redirect check before body check -- a redirect won't have a body
2014-11-04 14:19:21 -08:00
7855ede2de
Move userpass emptiness checking into setup
2014-11-04 14:07:39 -08:00
ebb8b70472
Land #4015 , another Android < 4.4 UXSS module
2014-11-04 15:52:29 -06:00
f8593ca1b5
Land #4109 , tnftp savefile exploit from @wvu-r7
2014-11-04 15:44:13 -06:00
5fb268bbdf
Updates to better OWA fix
2014-11-04 14:32:54 -06:00
56a02fdb4a
added mssql_escalate_executeas_sqli.rb
2014-11-04 13:38:13 -06:00
b0e388f4c3
Land #3516 , @midnitesnake's snmp_enumusers fix for Solaris, OS X
2014-11-04 08:23:16 -08:00
15119d2a0f
comment fix-sorry
2014-11-04 09:07:08 -06:00
f108d7b20a
fixed code comment
2014-11-04 08:51:27 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
fbe3adcb4c
added mssql_escalate_executeas module
2014-11-03 11:29:15 -06:00
8f197d4918
Move to build_probe
2014-11-03 08:41:51 -08:00
6f013cdcaf
Missed these
2014-10-31 18:48:48 -05:00
d6a830eb6e
Rescue the correct exception: Rex::HostUnreachable
2014-10-31 16:43:33 -05:00
121ebdfef6
update_info
2014-10-31 13:17:50 -07:00
b99e71dcdd
Example UDPScanner style cleanup, move most to UDPScanner
2014-10-31 12:14:04 -07:00
ff0b52cffb
Example per-batch vprint, a useful default
2014-10-31 10:31:31 -07:00
94d4388af9
Improvements to example UDPScanner
2014-10-31 09:53:10 -07:00
1e9f9ce425
Handle invalid JSON errors and fix typo.
2014-10-31 11:01:49 -05:00
d9f0a10737
Add new example template for scanning UDP services
2014-10-31 08:06:31 -07:00
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor
2014-10-30 13:52:07 -05:00
470a067384
Final changes
2014-10-30 13:51:44 -05:00
912f6c8eee
Land #4085 - Xerox Administrator Console Password Extract
2014-10-30 13:37:32 -05:00
02b1c5c4bc
Final changes
2014-10-30 13:37:02 -05:00
127d1640da
Print password
2014-10-30 13:27:40 -05:00
a6980b9eb8
Updated to module based feedback from wchen-r7
2014-10-30 12:59:11 -04:00
6dc13f90cd
Update descriptions to mention Webview bugginess.
2014-10-30 10:55:56 -05:00
0ad9f95806
Remove stray alert() for debugging.
2014-10-30 10:52:06 -05:00
88040fbce0
Add another Android < 4.4 UXSS exploit.
2014-10-30 10:34:14 -05:00
15e1c253fa
Numerous cleanups for snmp_enumusers
...
* Bring in line with Ruby standards
* More sane format for adding new OSs
* Better logging for use on larger networks
* Better error handling
2014-10-29 23:54:32 -07:00
9d56f0298a
Changed upper XXX to lower XXX.
2014-10-29 20:09:02 -05:00
6c13c14be1
Konica MFP ftp and SMB credential gathering module
2014-10-29 16:12:16 -04:00
b35a8935db
Updated get_once for get_once undefined method and EOFError
2014-10-29 13:47:07 -05:00
2bc8767751
Updated rescue to catch other errors from the socket API
2014-10-29 08:03:28 -05:00
ba5035c7ef
Prevent calling match when there is no WWW-auth header
2014-10-28 17:13:57 -07:00
a5d883563d
Abort if 2013 desired but redirect didn't happen
2014-10-28 15:59:22 -07:00
7ca4ba26b0
Show more helpful vprint messages when login fails
2014-10-28 15:48:04 -07:00
bce8f34a71
Set proper Cookie header from built cookie string
2014-10-28 15:41:36 -07:00
a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response
2014-10-28 15:40:15 -07:00
604cad9fbb
Updated timeout to default to 45 seconds to wait for the print job to finish.
2014-10-28 15:45:28 -05:00
b17d6a661d
Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds.
2014-10-28 15:23:47 -05:00
0e42cf25d1
Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri
2014-10-28 15:13:16 -05:00
9c028c1435
Fixes #4083 , make the split nil-safe
...
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.
This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
1012cd8d6b
Updated based on wchen-r7 feedback.
2014-10-28 11:38:50 -05:00
dade6b97ba
Land #4088 , wget exploit
...
Fixes #4077 as well.
2014-10-28 09:03:07 -05:00
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
d799625507
Switch to vprint_good for verbose good things
2014-10-28 01:53:54 -04:00
0fa461737e
Fix null arguments syntax
2014-10-28 01:49:54 -04:00
7a727f9bff
Make msftidy happy
2014-10-28 01:48:13 -04:00
595b4d2bbd
Clean up aux check review comments
2014-10-28 01:44:52 -04:00
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
329b9ac292
Actions updates of the Viproy CUCDM exploits
2014-10-28 14:11:07 +11:00
703393e9f1
First revision of the Viproy CUCDM exploits
2014-10-28 13:53:13 +11:00
0b225d94b1
Xerox Admin password extractor.
2014-10-27 19:26:40 -05:00
b990b14a65
Land #3771 , @us3r777's deletion of jboss_bshdeployer STAGERNAME option
2014-10-27 18:09:35 -05:00
f7f6cff327
Update xerox_workcentre_5XXX_ldap.rb
2014-10-27 17:23:47 -05:00
f119abbf8c
Xerox workcentre 5735 LDAP credential extractor
2014-10-27 15:52:12 -05:00
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
4dfbce425a
use vprintf...
2014-10-26 09:20:32 -05:00
c31fb0633d
Merge branch 'wp-psexeccmd' of github.com:webstersprodigy/metasploit-framework into webstersprodigy-wp-psexeccmd
2014-10-26 09:05:25 -05:00
1db09fee01
Viproy VoIP Pen-Test Kit - Cisco CUCDM Exploits
2014-10-24 11:46:52 +11:00
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
0ea03c00a5
Use print_brute instead of print_good for format consistency
2014-10-22 16:14:45 -05:00
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
0fcd1ac4f6
Restore tcp evasions to smb_login
2014-10-21 18:59:11 -05:00
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
6d11ec8477
These mods support Proxies, so make the option visible for the user
2014-10-21 15:39:24 -05:00
db7c420d8d
Merge the latest changes
2014-10-21 13:49:42 -05:00
f9f8c413a8
Derp, ssh modules don't include Tcp for #proxies
2014-10-21 13:28:13 -05:00
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
4705aeb762
Restore tcp evasions to ftp, pop3, vnc
2014-10-21 11:06:55 -05:00
7d150ce0dd
Add tcp evasions to mysql
2014-10-21 10:05:18 -05:00
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
d6f4c02c2a
Land #3979 , @wchen-r7 fixes #3976 , http_login not using TARGETURI, neither uri normalization
2014-10-20 18:10:57 -05:00
74ac16081f
Land #3981 , @wchen-r7 Fixes #3974 , axis_login.rb does not normalize URI
2014-10-20 17:51:13 -05:00
00f137cdcf
Land #4040 , @nullbind's MS SQL privilege escalation through SQLi
2014-10-20 16:23:50 -05:00
acc590b59c
Modify metadata
2014-10-20 16:22:10 -05:00
1381c7fb37
Modify title
2014-10-20 16:17:47 -05:00
323680c31a
Clean code
2014-10-20 16:17:06 -05:00
935a23296d
Updates to NAT-PMP, lands #4041
2014-10-20 11:26:26 -05:00
6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It!
2014-10-20 11:23:23 -05:00
3051b6c5ba
Clean up exceptions
...
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
b7d69bec83
Restore proxies to ssh scanners
2014-10-20 10:19:06 -05:00
036d43ba37
fixed logic bug
2014-10-19 20:56:29 -05:00
2985b39267
Land #3980 , @wchen-r7 fixed #3975
2014-10-19 17:11:06 -07:00
c2174c7910
return if no version response received
2014-10-19 00:29:36 +02:00
1e2f1eaee0
cleaning up
2014-10-18 12:00:11 -05:00
329a600b84
Add tcp evasion options to mssql_login
2014-10-17 17:40:21 -05:00
10f3969079
Land #4043 , s/http/http:/ splat
...
What is a splat?
2014-10-17 13:41:07 -05:00
367ea5d3db
Add disclosure date
2014-10-17 12:35:28 -05:00
ccdaf2b576
Fix the banner
...
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
ad501b25e4
Filename move to be less redundant
2014-10-17 11:25:14 -05:00
bf92769ba2
added mssql_escalate_dbowner_sqli
2014-10-17 10:25:20 -05:00
8fdae8fbfb
Move protocol and lifetime to mixin, use correct map_target if CHOST
2014-10-16 13:24:17 -07:00
40b360555f
Make the error message a little more useful
2014-10-16 12:47:13 -05:00
8cf10be779
Don't assume SSLv3 is set (kill FP+s)
2014-10-16 10:43:58 -05:00
0b67efd51e
Add a POODLE scanner and general SSL version scan
2014-10-16 10:27:37 -05:00
41a57b7ba5
Re-enable proxies for HTTP-based login scanners
2014-10-15 17:00:44 -05:00
07f2d4dafe
Further improvements to NAT-PMP. Faster, more useful, less not useful
2014-10-15 06:39:38 -07:00
592f1e9893
Land #3999 , errors on login suppressed by default
...
This also solved the merge conflict on:
modules/auxiliary/scanner/http/jenkins_login.rb
Fixes #3995 .
2014-10-14 16:35:09 -05:00
ea6824c46f
WIP of NAT-PMP rework
2014-10-14 14:20:24 -07:00
bdbad5a81d
Fix misaligned bracket
2014-10-14 13:43:59 -05:00
9f6008e275
A couple OSVDB updates for recent modules
2014-10-14 13:39:36 -05:00
56534e7ad3
Changed a login failed to vprint instead of print
...
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995 .
This module was introduced in PR #3947 .
2014-10-14 12:01:09 -05:00
6ea3a78b47
Clarify the description on HP perfd module
...
Introduced in #3992
2014-10-14 11:58:52 -05:00
621b9523b1
Update tnspoison_checker.rb
2014-10-13 22:05:08 +04:00
1996886ae9
Update tnspoison_checker.rb
2014-10-13 12:53:39 +04:00
22aabc7805
Add new module to test TNS poison
...
This module simply checks the server for vulnerabilities like TNS Poison
2014-10-13 12:21:07 +04:00
d51d2bf5a0
Land #3990 , @wchen-r7's fix for #3984 , a busted check in drupal_views_user_enum
2014-10-12 19:38:55 -07:00
76275a259a
Minor style cleanup of help and a failure message
2014-10-12 18:34:13 -07:00
c3a58cec9e
Make note of other commands to investigate
2014-10-11 13:07:52 -07:00
c80a5b5796
List commands in sorted order
2014-10-11 13:00:30 -07:00
4ffc8b153c
Support running more than one perfd command in a single pass
2014-10-11 11:38:00 -07:00
c72593fae4
Store just banner for service, loot the rest. Also, minor style.
2014-10-11 11:12:49 -07:00
9550c54cd2
Correct indentation and whitespace
2014-10-11 10:39:12 -07:00
9500038695
Fix #3995 - Make negative messages less verbose
...
As an user testing against a large network, I only want to see
good news, not bad news.
2014-10-11 11:11:09 -05:00
7bd0f2c114
Changed Name, array in OptEnum and operator
2014-10-11 09:03:18 -03:00
cbde2e8cd1
Variable cmd now with interpolation
2014-10-10 18:21:16 -03:00
291bfed47e
Using Rex.sleep instead of select
2014-10-10 15:17:40 -03:00
bd315d7655
Changed print_good and OptEnum
2014-10-10 13:54:42 -03:00
08fdb4fab2
Add module to enumerate environment HP via perfd daemon
2014-10-10 13:09:36 -03:00
260aa8dc22
Fix #3984 - Fix broken check for drupal_views_user_enum
2014-10-10 10:23:20 -05:00
472985a8a8
Adding Buffalo Linkstation NAS Login Scanner
...
I have added a login scanner for the Buffalo Linkstation
NAS. I have been testing against version 1.68 of the
firmware. Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
aefd15c185
Land #3376 , ARRIS SNMP enumerator from @inokii
2014-10-09 15:28:06 -05:00
7d8eadada6
Fix #3974 - Validate and normalize URI for axis_login
2014-10-09 14:33:39 -05:00
c9c34beafa
Fix #3975 - Register TARGETURI, not URI
...
The module should register TARGETURI and call #target_uri for
URI validation.
2014-10-09 14:10:29 -05:00
8163b7de96
Thanks for helping me clean up Todd!
2014-10-09 18:20:31 +01:00
d366cdcd6e
Fix #3976 - validate and normalize user-supplied URI for http_login.rb
...
URI should be validated and normalized before being used in an HTTP
request.
2014-10-09 12:14:33 -05:00
9d1e206e43
Incorporate cred changes and other minor fixes
2014-10-09 17:59:38 +01:00
a535d236f6
Land #3947 , login scanner for jenkins by @nstarke
2014-10-09 12:59:02 -04:00
6ea530988e
Apply rubocop changes and remove multiline print
2014-10-09 12:57:39 -04:00
3305b1e9c3
Land #3984 , @nullbind's MSSQL privilege escalation module
2014-10-09 11:39:15 -05:00
10b160bedd
Do final cleanup
2014-10-09 11:38:45 -05:00
bbe435f5c9
Don't rescue everything
2014-10-09 11:25:13 -05:00
0cd7454a64
Use default value for doprint
2014-10-09 11:04:42 -05:00
db6f6d4559
Reduce code complexity
2014-10-09 10:59:14 -05:00
615b8e5f4a
Make easy method comments
2014-10-09 10:48:00 -05:00
dd03e5fd7d
Make just one connection
2014-10-09 10:46:51 -05:00
df0d4f9fb2
Fix #3973 - Unneeded datastore option URI
...
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
168f1e559c
fixed status
2014-10-08 21:19:50 -05:00
3ebcaa16a1
removed scanner
2014-10-08 21:18:56 -05:00
328be3cf34
Fine Tuning Jenkins Login Module
...
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
4817e1e953
Update trackit_sql_domain_creds.rb
2014-10-08 21:41:04 +01:00
a901916b0b
Remove nonfunctional jtr_unshadow
...
This module hasn't been doing anything but print_error a go away message
since June, so may as well get rid of it.
2014-10-08 10:23:29 -05:00
3c7be9c4c5
Remove hash rockets from references #3766
...
[SeeRM #8776 ]
2014-10-08 09:01:19 +00:00
6af6b502c3
Remove spaces at EOL
2014-10-08 08:30:30 +01:00
713ff5134a
Add OSVDB id
2014-10-08 08:24:44 +01:00
bd812c593c
Add full disclosure URL
2014-10-08 08:24:04 +01:00
bbac61397d
Restore :address to rhost and explain why
2014-10-08 08:23:43 +01:00
9cb0ad1ac2
Change the reporting address to the real value
2014-10-08 01:18:17 +01:00
6e9bebdaf9
Fix noob mistake in assignment
2014-10-08 01:04:15 +01:00
7dbfa19e65
Add exploit for Track-It! domain/sql creds vuln
2014-10-07 23:54:43 +01:00
031fb19153
requested updates
2014-10-06 23:52:30 -05:00
399a61d52e
Land #3946 , ntp_readvar updates
2014-10-06 21:57:57 -05:00
e1b0ba5d3d
Removing 'require pry'
...
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
d3354d01f0
Fix #3808 - NoMethodError undefined method `map'
...
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
8c8ccc1d54
Update Authors
2014-10-06 11:30:39 -07:00
69400cf280
Fixing Author Declaration
...
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
c0a3691817
Adding Jenkins-CI Login Scanner
...
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
a341756e83
Support spoofing source IPs for NTP readvar, include status messages
2014-10-03 14:05:57 -07:00
fa4414155a
Only include the exact readvar payload, not any padding
2014-10-03 13:58:13 -07:00
65c1a8230a
Address most Rubocop complaints
2014-10-03 13:47:29 -07:00
0715c671c6
Update NTP readvar module to detect DRDoS, UDPScanner to be faster
2014-10-03 13:28:30 -07:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
5df614d39b
Land #3928 , release fixes
2014-10-01 17:21:08 -05:00
77bb2df215
Adds support for both CVEs, lands #3931
2014-10-01 17:06:59 -05:00
51bc5f52c1
Add CVE-2014-6278 support
...
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
7e05ff343e
Fix smbdirect
...
Also some whitespace and a typo in output message
2014-10-01 16:02:59 -05:00
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
be1df68563
Remove auxiliary/scanner/elasticsearch/indeces_enum.rb
...
Time is up, so good bye.
2014-09-30 17:24:21 -05:00
5ea968f3ee
Update description to prefer the exploit module
2014-09-30 11:34:28 -05:00
162e42080a
Update title to reflect scanner status
2014-09-30 11:04:17 -05:00
12d7073086
Use idiomatic Ruby for the marker
2014-09-29 22:32:07 -05:00
71d6b37088
Fix bad header error from pure Bash CGI script
2014-09-29 22:25:42 -05:00
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
b266233e95
fix bug
2014-09-30 00:21:52 +02:00
878f3d12cd
Remove kind_of? per @trosen-r7
2014-09-29 15:39:10 -05:00
77efa7c19a
Change if/else to case statement
2014-09-29 15:37:58 -05:00
21b2d9eb3f
Land #3899 - WordPress custom-contact-forms Plugin SQL Upload
2014-09-29 14:40:28 -05:00
64dbc396dd
Add header specification to check module, lands #3902
2014-09-27 12:58:29 -05:00
044eeb87a0
Add variable HTTP header
...
Also switch from OptEnum to OptString for flexibility.
2014-09-27 12:39:24 -05:00
c51c19ca88
bugfix
2014-09-27 14:56:34 +02:00
9a424a81bc
fixed bug
2014-09-27 13:46:55 +02:00
1c30c35717
Added WordPress custom_contact_forms module
2014-09-27 13:42:49 +02:00
c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec
2014-09-26 17:06:23 -05:00
80d9af9b49
Fix spacing in description
2014-09-26 17:03:28 -05:00
9e540637ba
Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials
2014-09-26 17:02:27 -05:00
3259509a9c
Use return
2014-09-26 16:04:15 -05:00
0a3735fab4
Make it better
2014-09-26 16:01:10 -05:00
3538b84693
Try to make a better check
2014-09-26 15:55:26 -05:00
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
5044117a78
Refactor dhclient_bash_env to use the egypt's mixin mods
2014-09-26 13:34:44 -05:00
ebf4e5452e
Added mssql_escalate_dbowner module
2014-09-26 10:29:35 -05:00
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
b878ad2b75
Add a module to exploit bash via DHCP, lands #3891
...
This module is just a starting point for folks to test their DHCP client implementations and we plan to significantly overhaul this once we get a bit of breathing room.
2014-09-25 23:38:40 -05:00
9c11d80968
Add dhclient_bash_env.rb (Bash exploit)
...
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
f66c854ad6
Fix description to be less lulzy
2014-09-25 07:09:08 -05:00
9ed28408e1
Favor check_host for a scanner
2014-09-25 07:06:12 -05:00
62b74aeaed
Reimplement old check code I was testing before
...
I would like to credit @wchen-r7 for providing advice and feedback.
@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
d9120cd586
Fix typo in description
...
Running on fumes here...
2014-09-25 01:22:08 -05:00
790df96396
Fix missed var
2014-09-25 01:19:14 -05:00
e051cf020d
Add missed mixin
2014-09-25 01:14:58 -05:00
27b8580f8d
Add protip to description
...
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
b1e9b3664e
Improve false positive check
2014-09-25 01:01:11 -05:00
8daf8d4339
Report vuln for apache_mod_cgi_bash_env
...
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
5a59b7cd89
Fix formatting
2014-09-24 23:12:11 -05:00
e6f0736797
Add peer
2014-09-24 22:48:51 -05:00
8b6519b5b4
Revert shortened reference
...
But it's so long. :(
2014-09-24 22:43:33 -05:00
ecb10ebe28
Add variable HTTP method and other stuff
2014-09-24 22:41:01 -05:00
a600a0655d
Scannerify the module
2014-09-24 18:58:39 -05:00
abadf65d8d
Clean up title and formatting
2014-09-24 18:42:43 -05:00
2562964581
Revert to my original code of using CMD
2014-09-24 18:00:13 -05:00
6ae578f80f
Add Stephane Chazelas as an author
2014-09-24 17:14:18 -05:00
b2555408a4
Rename module
...
I don't think we're gonna make a supermodule like we had hoped.
2014-09-24 16:55:10 -05:00
31e9e97146
Replace unnecessary reference with a better one
2014-09-24 16:52:43 -05:00
fc04bf9d48
Update description
...
This is what I had when @todb-r7 beat me to the punch. >:P
2014-09-24 16:22:58 -05:00
2f788c2e0c
Fix description
2014-09-24 16:13:05 -05:00
ca63fe931d
Add CVE-2014-6271 PoC
2014-09-24 16:02:59 -05:00
5f6e84580c
Clean up and use Metasploit::Credential
2014-09-24 01:00:23 +00:00
81406defed
hopefully what you are looking for this time
2014-09-23 11:36:13 -05:00
259a368577
Land #3841 , @jabra-'s modifications to ssdp_amp to support spoofing
2014-09-22 12:28:46 -07:00
fc4c1907d3
Land #3839 , @jabra-'s updates to dns_amp to support spoofing
2014-09-22 12:14:39 -07:00
8f63075da4
Land #3837 , @jabra-'s update to chargen scanner to support spoofing
2014-09-22 12:02:01 -07:00
4e9f1282de
Land #3834 , @jabra-'s updates to UDPscanner to support spoofing
2014-09-22 11:49:53 -07:00
2a714a7c4d
Fix a typo
...
Downloading and deleting are two very different things. Thanks Dan.
2014-09-21 18:35:26 -05:00
b7a0847114
SRC IP spoofing added to the SSDP amplification module
2014-09-20 21:37:01 -04:00
bb018de3a1
chargen src IP spoofing
2014-09-20 16:08:52 -04:00
3fb00ece9e
refactored the code based on PR feedback
2014-09-20 14:10:00 -04:00
c00094ba6e
Land #3345 , @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli
2014-09-19 15:01:21 -05:00
62414e2214
Add Timeout to exploit sqli
2014-09-19 15:00:54 -05:00
db6372ec8b
Do minor module cleanup
2014-09-19 14:43:35 -05:00
4a9294e3bf
Mark module as not executable
2014-09-19 14:36:44 -05:00
405ac34a16
Fix author name
2014-09-19 13:56:13 -05:00
79d5fb56d4
Land #3829 , @jhart-r7's UDP emtpy probe scanner
2014-09-19 13:54:35 -05:00
737f77d31a
Cleaner output when PORTS is invalid
2014-09-19 11:12:14 -07:00
3493987300
report_service when we find something this way
2014-09-19 10:45:06 -07:00
43171141da
update for ntp modules
2014-09-19 11:14:11 -04:00
a54b23642e
Relocate empty UDP scanner
2014-09-18 12:31:52 -07:00
6cad5d9aeb
Add ManageEngine DeviceExpert User Credentials
2014-09-18 19:18:59 +00:00
5dad73a28f
Explicitly require credential_collection
...
Otherwise, you run into a require ordering problem on some platforms.
This is not a great way to fix this -- but it's a fast way, and possibly
even a good way, since you're being explicit about what your module
requirements are.
2014-09-17 15:47:30 -05:00
169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner)
2014-09-16 14:51:24 -05:00
4ed1fa55f5
Don't need this header
2014-09-16 14:50:32 -05:00
59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc.
2014-09-16 13:31:03 -05:00
7d4c4c3658
Land #3699 , @dmaloney-r7's ipboard login refactor
2014-09-15 08:29:42 -05:00
373861abb0
Land #3526 , @jhart-r7's soap_xml scanner cleanup
2014-09-12 13:29:52 -05:00
12f949781a
Use double quote for xml strings
2014-09-12 13:18:48 -05:00
67c0ee654b
Use Gem::Version
2014-09-12 10:35:12 -05:00
0d054d8354
Update with master changes
2014-09-12 09:52:32 -05:00
706655f755
Land #3779 , Glassfish LoginScanner exception
...
MSP-11343
2014-09-11 15:57:47 -05:00
d2f2b142b4
Land #3760 , Arris WEP/WPA leak from @dheiland-r7
2014-09-11 15:39:19 -05:00
4fc1ec09c7
Land #3759 , Android UXSS, with ref/desc fixes
...
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)
Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
fbba4b32e0
Update the title and desc to be more descriptive
...
See #3759
2014-09-11 14:06:14 -05:00
d627ab7628
Add refs for Android UXSS
...
See #3759
2014-09-11 14:05:50 -05:00
8aa06b8605
Better api for check_setup
2014-09-10 23:43:54 -05:00
c1658e5d51
Add a check_setup method
2014-09-10 20:09:46 -05:00
84e4db9035
Don't raise in the middle
...
MSP-11343
This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
872ba6a53b
Update arris_dg950 module with required changes
...
Collapsed several levels of the if/else statement and changed out 2 with
case. Changed print_good to print_line. Removed rescue ::Interrupt and
altered variable names to make them more readable
2014-09-10 19:07:53 -04:00
e317bfe0d5
Add preliminary module for discovering services with empty UDP probes
2014-09-10 10:58:22 -07:00
280e16c241
Land #3677 - Updated shodan_search for new API
2014-09-10 11:39:00 -05:00
006393360e
Add conditions to check healthy shodan results
2014-09-10 11:38:06 -05:00
257f0fc93e
Quick fix for ssh_login_pubkey
...
Fixes #3772 , closes #3774
2014-09-10 09:57:17 -05:00
2ae23bbe99
Remove STAGERNAME option
...
This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.
2014-09-09 21:44:08 +02:00
7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
b8000517cf
Land #3746 , reinstate DB_ALL_CREDS
2014-09-08 17:24:12 -05:00
2ac15f2088
some fixes based on Christruncer's feedback
...
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor
2014-09-08 14:48:37 -05:00
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds
2014-09-08 12:52:25 -05:00
9a6ee5090a
Add Arris DG950A SNMP data extraction module
...
This module will extract critical data such as WPA and WEP keys from
the Arris DG950a model cable modem via the SNMP protocal.
2014-09-08 11:04:31 -04:00
0ccb39c057
Land #3726 - Fix typos in wordpress login
2014-09-08 09:40:57 -05:00
27889ea411
Add a safety fallback on js load.
2014-09-08 00:46:47 -05:00
8407d45c9c
Rework the timers.
2014-09-08 00:40:00 -05:00
5c9c8edfcf
Fix refs.
2014-09-07 23:33:45 -05:00
5efaf7d4cf
rename module, handle asyncness.
2014-09-07 23:25:08 -05:00
10bb77af9f
Land #3716 , @wchen-r7's Glassfish LoginScanner update
2014-09-07 21:54:34 -05:00
1bf89fb6bd
Add Android <= 4.3 AOSP UXSS module.
2014-09-07 20:44:03 -05:00
c86d01a667
Fix win.ini signature
2014-09-07 01:46:38 -05:00
44b9dc9b28
Update tmlisten_traversal
2014-09-06 01:18:11 -05:00
abffdd8705
Update alienvault_newpolicyform_sqli.rb
...
cleaned up according to msftidy.rb suggestions
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
664cc131e3
Update alienvault_newpolicyform_sqli.rb
...
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
08ce278cca
Got these wrong
2014-09-04 17:05:51 -05:00
cb490fc00e
[SeeRM #8836 ] Change boot.ini to win.ini
2014-09-04 17:03:21 -05:00
d83131f1d9
Land #3750 , @wvu favoring unless
2014-09-04 16:17:07 -05:00
ff210a7c0a
delete parenthesis
2014-09-04 16:16:29 -05:00
c32b977a27
Land #3747 , @wvu changes to printer_ready_message
2014-09-04 15:26:52 -05:00
2d8c7a7a4d
Refactor if statement to early return
...
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
34455b5dc6
Fix missing require for jtr_oracle_fast
2014-09-04 14:38:07 -05:00
50ac8366fd
Refactor CHANGE/RESET to actions
...
Missed in c1fdc4d945
2014-09-04 14:36:04 -05:00
0dcf481d76
This one is good to go
2014-09-04 14:13:33 -05:00
84f9ec0aad
Refactor implicit options hash
...
Missed in c1fdc4d945
2014-09-04 13:30:06 -05:00
00ec47fb83
call new prepend cred methods
...
add method calls o all the lgoinscanner modules
so that they call the prepend_db_* methods as approrpiate
these methods automatically check to see if DB_ALL_CREDS was
selected
2014-09-04 12:32:35 -05:00
c5755824a6
pass in vhost and useragent
...
have http loginscanner modules pass in VHOST
and Useragent to the LoginScanner classes
2014-09-04 11:02:19 -05:00
dd4fd7bb39
The reporting part
2014-09-03 16:32:23 -05:00
e1694ec3e5
LoginScanner update for hp_sys_mgmt_login
...
Work in progress
2014-09-03 16:23:57 -05:00
185ce36859
Land #3701 , @wchen-ru's AppleTV modules
2014-09-03 12:30:50 -05:00
10dee28fbd
Add http socket to the module sockets and allow the framework to cleanup
2014-09-03 12:01:48 -05:00
5acbcc80e2
no threading
2014-09-03 11:37:30 -05:00
3281781f6a
Addressed r7 comments, fixed bug in results loop
2014-09-01 13:43:31 -04:00
7dd73084bb
Added WiFi ifindex discovery and enhanced error handling
2014-09-01 00:49:10 -04:00
cf0f00a376
Variable name changes per ruby style guide
2014-08-31 23:57:20 -04:00
0735de0fd4
Changes to error output per PR comments
2014-08-31 23:57:20 -04:00
0a01da1ca9
Changed default value for SNMP Version option
2014-08-31 23:57:20 -04:00
e6126fde72
Modified to pull username and password first
2014-08-31 23:57:19 -04:00
5153886077
Added disclosure URL and cleaned up output fields
2014-08-31 23:57:19 -04:00
4ef369112f
Cleanup per msftidy report of Spaces at EOL
2014-08-31 23:57:19 -04:00
e37d56766f
Corrected extraction of WEP keys, current key, RADIUS server and port
2014-08-31 23:57:19 -04:00
f1cd601401
Modified logic to attempt to process WiFi key data even if primary Wifi interface is not up
2014-08-31 23:57:19 -04:00
e5111f7634
Simplified get_radius_info method and cleaned up comments
2014-08-31 23:57:19 -04:00
c556a6e331
Fixed syntax issue
2014-08-31 23:57:19 -04:00
81047e911a
Corrected OIDs to all numeric
2014-08-31 23:57:19 -04:00
b253e444cb
Initial commit of SBG6580 scanner after cleanup
2014-08-31 23:57:18 -04:00
8ba5488198
Update wordpress_login_enum.rb
...
Fixed some typos.
2014-08-30 13:37:48 -10:00
a142e78a66
refactor wordpress_xml_rpc_login
...
refactor the login module to use the loginscanner class
2014-08-29 13:09:09 -05:00
0e14b271a1
Merge branch 'master' into wordpress-xmlrpc-login-scanner
2014-08-29 12:50:34 -05:00
fbae68870c
cleanup one stray comment
2014-08-29 10:57:51 -05:00
4c93cbc62c
changes based on feedback, added timeout error message
2014-08-29 10:57:20 -05:00
f7091d854e
Add a timeout
2014-08-28 22:26:38 -05:00
40f581458a
Land #3570 , @ikkini scanner for rsync
2014-08-28 18:48:32 -05:00
9fb9ab813c
Add URL reference
2014-08-28 18:47:56 -05:00
bc542a011d
Change module filename
2014-08-28 18:42:30 -05:00
213fe23970
Clean rsync_modules_list
2014-08-28 18:40:55 -05:00
f097ef96e0
Use &&
2014-08-28 12:13:03 -05:00
d0d9949d91
Do SSL options correctly
2014-08-28 12:04:14 -05:00
784ece574e
Found additional typos.
2014-08-28 09:03:19 -05:00
cb634cfef3
Fixed annoying typo that shows up in validation screenshots
2014-08-28 08:50:30 -05:00
0ba2f1e457
Leave a note about the old empty password issue
2014-08-27 17:06:11 -05:00
d5b70cca24
"Auth bypass" does not really describe what the feature actually does
2014-08-27 16:56:07 -05:00
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
67efa76fc4
changes based on feedback
2014-08-27 09:08:18 -05:00
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
fde2687c9e
Store edition,version,build in the fingerprint.match
2014-08-26 18:44:08 -05:00
d5e39ae284
Adjustments for new LoginScanner code
2014-08-26 18:13:00 -05:00
ba1f7c3bf6
Land #3687 , reworks the nat-pmp portscanner
2014-08-26 14:34:46 -05:00
ed9bb3e52c
Fix a small typo
2014-08-26 14:34:10 -05:00
775ebce56b
Correct natpmp_portscan's print_* usage to include peer
2014-08-26 12:27:12 -07:00
4e19d9ade1
Land #3545 , fix up sip scanners, msftidy, db services cmd
2014-08-26 14:07:21 -05:00
5826d7b164
vprint_status when no external address obtained, print_ is too noisy
2014-08-26 12:05:40 -07:00
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
246f021437
Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
2014-08-26 10:49:53 -07:00
5c57f9b4eb
Don't overload RPORT/LPORT for mapping external -> internal ports
2014-08-26 10:49:53 -07:00
162508f532
Update NAT-PMP modules to use new/updated mixins
2014-08-26 10:49:53 -07:00
816404bb88
Move common NAT-PMP functionality into a central place
2014-08-26 10:49:53 -07:00
ca11eae3a9
Show a useful failure message when the external address probe fails
2014-08-26 10:49:52 -07:00
bb00c97f46
Add a CERT reference
2014-08-26 08:29:28 -07:00
40fe2fd3a9
Remove DRDoS references, as this just proves amplification
2014-08-26 08:23:50 -07:00
10f52d8765
Use MX of 1 to speed up responses from endpoints that respect it
2014-08-26 08:00:30 -07:00
333c3a90ae
Space between SSDP headers and values, which is sometimes required
2014-08-26 07:57:59 -07:00
337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification
2014-08-26 07:48:44 -07:00
04fbd07a16
vprint_error in the unlikely event we get an unexpected response
2014-08-26 07:30:14 -07:00
79b05db409
Correct minor style issues
2014-08-26 07:26:30 -07:00
63b75a0093
SSDP Amplification module changes
2014-08-26 16:03:32 +07:00
Jon Hart
tate
jvazquez-r7
nullbind
William Vu
Joe Vennix
HD Moore
Tod Beardsley
Pedro Ribeiro
Nikita
Deral Heiland
Fatih Ozavci
sinn3r
Peter Arzamendi
Jonathan Claudius
scriptjunkie
James Lee
nstarke
ikkini
URI Assassin
Roberto Soares Espreto
Spencer McIntyre
Brendan Coles
Christian Mehlmauer
Ramon de C Valle
Thomas Ring
Josh Abraham
Luke Imhoff
us3r777
David Maloney
Chris Hebert
John Sawyer
Matthew Kienow
inokii
DrDinosaur
Matt Andreko
Tom Sellers
xistence